• Journal of KIISE:Software and Applications
• /
• v.30 no.9
• /
• pp.843-849
• /
• 2003

Web usage mining is the technique of data mining that analyzes web users' usage patterns by large web log. To use the web usage mining technique, we have to classify correctly users and users session in preprocessing, but can't classify them completely by only log files with standard web log format. To classify users and user session there are many problems like local cache, firewall, ISP, user privacy, cookey etc., but there isn't any definite method to solve the problems now. Especially local cache problem is the most difficult problem to classify user session which is used as input in web mining systems. In this paper we propose a heuristic method which solves local cache problem by using only click stream data of server side like referrer log, agent log and access log, classifies user sessions and completes session.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.15-23
• /
• 2013

In this paper, we propose a session management and control architecture for N-Screen services, which enable users to change devices and transfer contents among user's devices during service by session transfer and split. In N-Screen services, users may have multiple devices with different attribute such as screen resolution, CPU capability and access network interfaces. Also, since users may change devices during service, or one user may use multiple stream, N-Screen services need to enable the user to share and transfer contents across N-Screen devices. We introduce the management and control servers to provide session split over user multiple devices and session continuity while changing device. Furthermore, the proposed architecture provides the device capabilities aware session continuity. In addition, the proposed scheme minimizes the session transfer delay and content server processing load. We present results that show the effectiveness and usefulness of proposed architecture.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.355-364
• /
• 2010

A session transfer method, referred to as a Recipient Serving-call session control function (S-CSCF) Assured (RSA), is proposed in order to support both session mobility and consistency in IP multimedia subsystem (IMS) based next generation network (NGN). RSA session transfer simplifies a basic session transfer operation specified in [1] by using the user agent client (UAC) like characteristics of an S-CSCF. To show its efficiency, the session transfer delay and the traffic cost of RSA session transfer are investigated and compared with those of existing session transfer applications, including Assured and Consultative session transfers, by practically considering multiple session transfer failures. It is shown that RSA session transfer can further improve user experience by reducing session transfer delay as well as traffic cost than Assured and Consultative session transfers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.1
• /
• pp.466-483
• /
• 2017

Zen Cart is an open-source online store management system. It is used all over the world because of its stability and safety. Today, Zen Cart's session security mechanism is mainly used to verify user agents and check IP addresses. However, the security in verifying the user agent is lower and checking the IP address can affect the user's experience. This paper, which is based on the idea of session protection as proposed by Ben Adida, takes advantage of the HTML5's sessionStorage property to store the shared keys that are used in HMAC-SHA256 encryption. Moreover, the request path, current timestamp, and parameter are encrypted by using HMAC-SHA256 in the client. The client then submits the result to the web server as per request. Finally, the web server recalculates the HMAC-SHA256 value to validate the request by comparing it with the submitted value. In this way, the Zen Cart's open-source system is reinforced. Owing to the security and integrity of the HMAC-SHA256 algorithm, it can effectively protect the session security. Analysis and experimental results show that this mechanism can effectively protect the session security of Zen Cart without affecting the original performance.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.17-27
• /
• 2007

This paper proposes a key distribution and authentication protocol between user, service provider and key distribution center (KDC). This protocol is based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. In the proposed protocol, user and server update the session key under token-update operation, and user can process repeated efficient authentications by using updated session keys. And another merit is that KDC needs not to totally control the session key between user and server in proposed protocol. Even an attacker steals the parameters from the KDC, the attacker still can not calculate session key. According to the comparison and analysis with other protocols, our proposed protocol provides good efficiency and forward secure session key.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.4
• /
• pp.19-25
• /
• 2016

There are many free applications that need users to sign up before they can use the applications nowadays. It is difficult to choose a suitable password for your account. If the password is too complicated, then it is hard to remember it. However, it is easy to be intruded by other users if we use a very simple password. Therefore, biometric-based approach is one of the solutions to solve the issue. The biometric-based approach includes keystroke dynamics on keyboard, mice, or mobile devices, gait analysis and many more. The approach can integrate with any appropriate machine learning algorithm to learn a user typing behavior for authentication system. Preprocessing phase is one the important role to increase the performance of the algorithm. In this paper, we have proposed ensemble-by-session (EBS) method which to operate the preprocessing phase before the training phase. EBS distributes the dataset into multiple sub-datasets based on the session. In other words, we split the dataset into session by session instead of assemble them all into one dataset. If a session is considered as one day, then the sub-dataset has all the information on the particular day. Each sub-dataset will have different information for different day. The sub-datasets are then trained by a machine learning algorithm. From the experimental result, we have shown the improvement of the performance for each base algorithm after the preprocessing phase.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.1 no.2
• /
• pp.73-81
• /
• 2006

The home network is generally separated from the Internet, as it is made up of a private network due to security issues and the lack of IPv4 addresses space. Also, a user may want to move from a terminal to another terminal connected in the home network during communicating with people outside the home. In this case, people connected in the Internet, or another home network could not communicate the user at the home. These limitations prevent a SIP-capable device connected in the home network from communicating with another SIP-capable device connected in the Internet or the outside of the home network. To overcome the limitations, This paper proposes the Adaptive SIP Application Server System as a software architecture that a user inside of the home can communicate with people outside of the home when the home is composed of a private IP-based network. Moreover, the proposed architecture provides the session mobility that allows the user to maintain a media session even if changing the terminal inside of the home during the session established. The proposed system was implemented over a home server device which acts functionality as a connection point for transmitting IP packets between a home network and the Internet.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.1
• /
• pp.31-36
• /
• 2015

As web accessibility has been easier, security issue becomes much more important in web applications demanding user authentication. Cookie is used to reduce the load of the server from the session in web applications and manage the user information efficiently. However, the cookie containing user information can be sniffed by an attacker. With this sniffed cookie, the attacker can retain the web application session of the lawful user as if the attacker is the lawful user. This kind of attack are called cookie replay attack and it causes serious security problems in web applications. In this paper, we have introduced a mechanism to detect cookie replay attacks and defend them, and verified effectiveness of the mechanism.

• Journal of KIISE:Information Networking
• /
• v.32 no.1
• /
• pp.80-88
• /
• 2005

In ubiquitous spaces, a user wants to be provided with a VOD service while moving one space to another freely. Since the traditional VOD system is dependent on user location, the VOD server transmits video data to a single client during a session. If the user moves to another space, he/she should close the old session and make a new request for the same video. However, the location-aware VOD system supports user mobility by closing and opening the session automatically. That is, the VOD system automatically perceives the movement of a user and allows the server to change the data flow so that a client near the user can receive the video data. This paper proposes a location-aware VOD service architecture and a session handoff scheme to provide a mobile user with continuous video delivery and implements a location-aware VOD prototype system based on Jini and Java. In experiment, we show that the proposed handoff scheme has a smaller handoff delay than the other handoff scheme.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.35-43
• /
• 2017

In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.